Old 10-09-2008, 10:45 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

tetonbob,

Here is the log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Benim at 2008-10-09 19:38:59
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (14%) free of 13 GB
Total RAM: 255 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:33, on 9-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Documents and Settings\Benim\Bureaublad\RSIT.exe
C:\Program Files\trend micro\Benim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

--
End of file - 8485 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AEE4AD0E94FF22AA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39E18B0E-8E43-4ED5-0990-8E41B0D626E4}]
C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A491D208-B353-490F-B81A-A8A3DC97042D}]
IeHelper Class - C:\WINDOWS\system32\smiehlp.dll [2005-02-10 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{014DA6C9-189F-421a-88CD-07CFE51CFF10} - My Search Bar - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-04-14 579584]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"DSS"=C:\WINDOWS\system32\wintcpmod.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-05-09 5724184]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 -reboot 1 []
"DriverMax"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2008-10-02 5344600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MindSoft FreeRAM]
C:\Program Files\MindSoft\MindSoft Utilities 2008\FreeRAM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
C:\Cpqs\Scom\srmclean.exe [2001-07-25 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"WMPNetworkSvc"=3
"TapiSrv"=3
"Schedule"=2
"RDSessMgr"=3
"BthServ"=2
"helpsvc"=2

C:\Documents and Settings\Benim\Menu Start\Programma's\Opstarten
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:Bluetooth Application"
"E:\Kazaa Lite K++\KazaaLite.kpp"="E:\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"E:\Emule Lite\Emule.exe"="E:\Emule Lite\Emule.exe:*:Disabled:eMule Lite"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:Paltalk Messenger 8.1"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Wizard Bestanden en instellingen overzetten"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\benimsanane\Local Settings\Temp\Rar$EX01.282\BlueSoleil.exe"="C:\Documents and Settings\benimsanane\Local Settings\Temp\Rar$EX01.282\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Documents and Settings\benimsanane\Local Settings\Temp\Rar$EX00.750\BlueSoleil.exe"="C:\Documents and Settings\benimsanane\Local Settings\Temp\Rar$EX00.750\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-toepassingen delen"
"C:\WINDOWS\System32\lxcgcoms.exe"="C:\WINDOWS\System32\lxcgcoms.exe:LocalSubNet:Enabled:2300 Series"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03686ba2-8bca-11dd-975f-0040ca394f76}]
shell\AutoRun\command - \StartPortableApps.exe


======List of files/folders created in the last 1 months======

2008-10-09 19:39:11 ----D---- C:\Program Files\trend micro
2008-10-09 19:38:59 ----D---- C:\rsit
2008-10-09 18:41:07 ----D---- C:\Program Files\Innovative Solutions
2008-10-09 17:37:47 ----D---- C:\Documents and Settings\Benim\Application Data\InterVideo
2008-10-09 17:34:02 ----D---- C:\Program Files\InterVideo
2008-10-08 23:00:33 ----SHD---- C:\Config.Msi
2008-10-07 21:40:52 ----A---- C:\Documents and Settings\Benim\Application Data\inst.exe
2008-10-07 21:40:51 ----D---- C:\Documents and Settings\Benim\Application Data\Vso
2008-10-07 21:32:07 ----D---- C:\Documents and Settings\Benim\Application Data\Canneverbe_Limited
2008-10-07 20:15:51 ----D---- C:\Documents and Settings\Benim\Application Data\Ahead
2008-10-07 14:14:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-06 22:58:07 ----D---- C:\Wizards
2008-10-06 22:53:46 ----D---- C:\Program Files\The Game Creators
2008-10-06 22:35:40 ----A---- C:\WINDOWS\system32\dswaved.dll
2008-10-06 22:35:40 ----A---- C:\WINDOWS\system32\dmusicd.dll
2008-10-06 22:35:40 ----A---- C:\WINDOWS\system32\dmsynthd.dll
2008-10-06 22:35:40 ----A---- C:\WINDOWS\system32\dmstyled.dll
2008-10-06 22:35:40 ----A---- C:\WINDOWS\system32\dmscripd.dll
2008-10-06 22:35:39 ----A---- C:\WINDOWS\system32\dmloaded.dll
2008-10-06 22:35:39 ----A---- C:\WINDOWS\system32\dmimed.dll
2008-10-06 22:35:39 ----A---- C:\WINDOWS\system32\dmcompod.dll
2008-10-06 22:35:39 ----A---- C:\WINDOWS\system32\dmbandd.dll
2008-10-06 22:35:37 ----A---- C:\WINDOWS\system32\dinput8d.dll
2008-10-06 22:35:36 ----A---- C:\WINDOWS\system32\d3dx9d_35.dll
2008-10-06 22:35:34 ----A---- C:\WINDOWS\system32\d3dx9d_33.dll
2008-10-06 22:35:33 ----A---- C:\WINDOWS\system32\d3dref9.dll
2008-10-06 22:35:33 ----A---- C:\WINDOWS\system32\d3dref8.dll
2008-10-06 22:35:33 ----A---- C:\WINDOWS\system32\d3dref.dll
2008-10-06 22:35:29 ----A---- C:\WINDOWS\system32\d3d9d.dll
2008-10-06 22:35:28 ----A---- C:\WINDOWS\system32\d3d8d.dll
2008-10-06 22:22:42 ----D---- C:\Program Files\Microsoft DirectX SDK (August 2007)
2008-10-06 22:22:10 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-06 22:22:05 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-06 22:22:04 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-06 22:21:56 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-06 22:21:39 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-06 22:21:37 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-10-06 22:21:23 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-06 22:21:22 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-06 22:21:08 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-06 22:20:59 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-10-06 22:20:52 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-06 22:20:42 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-06 22:20:41 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-06 22:20:12 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-06 22:20:07 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-10-06 22:20:01 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-10-06 22:19:55 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-06 22:19:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-10-06 22:19:52 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-06 22:19:49 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-06 22:19:47 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-10-06 22:19:45 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-06 22:19:42 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-10-06 22:19:39 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-10-06 22:19:28 ----D---- C:\Documents and Settings\Benim\Application Data\Macromedia
2008-10-06 22:19:24 ----D---- C:\Documents and Settings\Benim\Application Data\Adobe
2008-10-06 22:19:12 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-10-06 22:18:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-06 22:17:57 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-10-06 22:17:56 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-10-06 22:17:53 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-10-06 22:17:48 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-10-06 22:17:43 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-06 22:17:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-10-06 22:17:34 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-10-06 22:17:30 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-10-06 22:17:19 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-10-06 22:08:37 ----D---- C:\Documents and Settings\Benim\Application Data\WinRAR
2008-10-06 22:03:59 ----D---- C:\Documents and Settings\Benim\Application Data\AVG7
2008-10-06 00:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 2014 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-04 2012 ----D---- C:\Program Files\NOS
2008-10-04 17:08:17 ----D---- C:\Program Files\Microsoft SQL Server
2008-10-04 16:37:46 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-10-04 16:37:46 ----D---- C:\Program Files\Common Files\Merge Modules
2008-10-04 16:37:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-04 16:31:59 ----D---- C:\Program Files\Microsoft SDKs
2008-10-03 16:14:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-03 16:09:38 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-02 20:13:48 ----D---- C:\Program Files\HijackThis
2008-10-01 18:40:22 ----SHD---- C:\WINDOWS\Folder Settings
2008-10-01 17:13:42 ----SHD---- C:\Folder Settings
2008-10-01 16:39:31 ----D---- C:\Program Files\StyleFolder
2008-09-27 14:50:39 ----A---- C:\WINDOWS\VekaRom.INI
2008-09-26 14:31:58 ----D---- C:\Program Files\HP
2008-09-20 10:26:19 ----A---- C:\WINDOWS\ODBC.INI
2008-09-20 10:25:48 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-09-20 10:22:32 ----D---- C:\Program Files\Common Files\L&H
2008-09-20 10:21:23 ----D---- C:\Program Files\Microsoft ActiveSync
2008-09-20 10:19:43 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-20 10:19:23 ----D---- C:\Program Files\Microsoft Works
2008-09-20 10:18:50 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-20 10:17:27 ----D---- C:\WINDOWS\SHELLNEW
2008-09-20 10:16:46 ----D---- C:\Program Files\Microsoft.NET
2008-09-20 10:16:45 ----D---- C:\Program Files\Microsoft Office
2008-09-20 10:16:45 ----D---- C:\Program Files\Common Files\ODBC
2008-09-20 10:13:27 ----RHD---- C:\MSOCache
2008-09-20 10:12:27 ----D---- C:\Program Files\MagicDisc
2008-09-17 07:49:08 ----D---- C:\Documents and Settings\Benim\Application Data\Identities
2008-09-17 07:48:50 ----ASH---- C:\Documents and Settings\Benim\Application Data\desktop.ini
2008-09-17 07:48:49 ----SD---- C:\Documents and Settings\Benim\Application Data\Microsoft

======List of files/folders modified in the last 1 months======

2008-10-09 19:39:11 ----D---- C:\Program Files
2008-10-09 17:37:00 ----D---- C:\WINDOWS\temp
2008-10-09 17:34:01 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-09 17:25:47 ----RD---- C:\WINDOWS
2008-10-09 17:12:34 ----D---- C:\Program Files\Lx_cats
2008-10-09 17:11:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-09 17:11:51 ----HD---- C:\WINDOWS\inf
2008-10-08 23:02:35 ----D---- C:\Program Files\Common Files
2008-10-08 23:00:45 ----SHD---- C:\WINDOWS\Installer
2008-10-08 22:59:06 ----D---- C:\Program Files\Adobe
2008-10-07 21:41:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-07 20:07:54 ----D---- C:\WINDOWS\system32
2008-10-06 23:19:07 ----ASH---- C:\boot.ini
2008-10-06 23:19:07 ----A---- C:\WINDOWS\win.ini
2008-10-06 23:19:07 ----A---- C:\WINDOWS\System.ini
2008-10-06 22:22:24 ----D---- C:\WINDOWS\system32\DirectX
2008-10-06 22:19:10 ----RSD---- C:\WINDOWS\assembly
2008-10-06 22:18:25 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-06 22:02:40 ----D---- C:\Documents and Settings
2008-10-06 16:37:40 ----D---- C:\Program Files\Grisoft
2008-10-04 20:29:26 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-04 20:18:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-04 20:14:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-04 20:14:39 ----D---- C:\Program Files\Common Files\Adobe
2008-10-04 20:14:25 ----D---- C:\WINDOWS\WinSxS
2008-10-04 17:23:29 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-04 16:56:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-04 16:44:36 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-03 16:18:47 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-03 16:18:34 ----D---- C:\WINDOWS\system32\en-us
2008-10-03 16:18:12 ----RSD---- C:\WINDOWS\Fonts
2008-10-03 1657 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-02 22:39:24 ----RHD---- C:\$VAULT$.AVG
2008-10-02 20:07:15 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-02 12:19:36 ----A---- C:\WINDOWS\Okey+.ini
2008-10-01 18:40:26 ----ASHC---- C:\WINDOWS\desktop.ini
2008-09-27 08:48:29 ----D---- C:\Program Files\BitTorrent
2008-09-26 1515 ----D---- C:\WINDOWS\security
2008-09-26 14:46:26 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-25 07:12:47 ----SHD---- C:\WINDOWS\CSC
2008-09-20 10:17:43 ----D---- C:\Program Files\Common Files\System
2008-09-20 10:13:39 ----D---- C:\WINDOWS\system
2008-09-19 16:02:40 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-09-19 14:55:23 ----SHD---- C:\RECYCLER
2008-09-17 18:04:24 ----D---- C:\Program Files\eMule
2008-09-17 08:43:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-17 07:49:15 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-09-15 20:32:48 ----D---- C:\WINDOWS\Prefetch
2008-09-13 10:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-11 03:01:48 ----A---- C:\WINDOWS\imsins.BAK
2008-09-10 17:07:29 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-01-07 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-14 4224]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-14 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-04-05 10760]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 SMTCPMON;Secretmaker TCP monitoring driver; C:\WINDOWS\System32\drivers\smtcpmon.sys [2004-12-29 11729]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-14 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 sm;SECUREMAKER driver; C:\WINDOWS\System32\drivers\sm.sys [2007-07-05 30208]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-11-01 533696]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Bluetooth-audioapparaat; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Bluetooth virtuele-communicatiestuurprogramma; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Stuurprogramma voor Bluetooth-aanvraagblok; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 BthPan;Bluetooth-apparaat (PAN - Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Poortstuurprogramma voor Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272640]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio's; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTKRNL;Bluetooth bus-enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth-modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-12 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Stuurprogramma voor Netwerkcontrole; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-07 47360]
S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys []
S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RHDISK;RHDISK; \??\K:\_rohos\RHDISK.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-09-07 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-04-09 301952]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva039;XDva039; \??\C:\WINDOWS\system32\XDva039.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-01-07 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-14 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-04-05 406528]
R2 AVGFwSrv;AVG Firewall; C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe [2008-04-04 838656]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-16 491520]
S2 Slave;RA Server; C:\WINDOWS\Slave.exe []
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-04 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S4 NetTcpPortSharing;Net.Tcp service voor het delen van poorten; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (30.1 KB, 1 views)
IT_Starter is offline  
Old 10-09-2008, 10:59 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Original log posted 10-02-2008, 02:39 PM

Can't merge topics, or the old one will take precedence, and you'll not be able to reply, since only staff and Original Poster can reply to topics in this section of the forums.

IT_Starter wrote:

Hello, can anyone help me? I can't delete my temp folder in C:\windows. I'm guessing maybe it's a virus or spyware because it keeps saying: "can't delete Perflib_Perfdata_5f0.dat check if it's in use by another application and try again". I can't find the application, so I'm guessing it's a virus or spyware. I already ran HijackThis; here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:15:32, on 2-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

===================================


I will take some time to review these logs, and have some instructions for you afterward.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 10-09-2008, 11:17 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

yippie I can post a reply YEEEEEEEEEEEEAAAH (sorry about that I'm excited)
IT_Starter is offline  
Old 10-09-2008, 11:27 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Ok, first thing is that if I understand you correctly, you're trying to delete the folder, C:\Windows\TEMP ? That's a legitimate folder, so you don't want to delete it.

perflib_perfdata* files are created by Windows or other applications. In use means that whatever application created it is still writing to the file. They are harmless. Temp file removers, such as CCleaner or CleanUp, will delete these upon reboot.

Next....

As stated in Step 1 of our pre-posting sticky...

http://www.techsupportforum.com/secu...oval-help.html

Quote:
If you have more than one AntiVirus installed

While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

Therefore, uninstall all but one AntiVirus application using the Add or Remove Programs in the Control Panel before posting your logs. Be sure to leave one up-to-date AntiVirus application installed. If you're unsure about what to do, do nothing, and wait for the advice of the Analyst who helps you.

I see you have more than one Anti-Virus program installed, Avast and AVG 7.5. While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
Since AVG 7.5 will see its end of life by year's end, I would suggest that be the one you uninstall.

-----------------------------------------------------------------------

I do see some signs of inactive infection.

Download HostsXpert.
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click "Make Writable?" in the upper left corner.
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
  • Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

-----------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following folder if it exists:

C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1

This is a folder, likely named with two words, which begins with the letters CLOCKR

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    C:\Documents and Settings\Benim\Application Data\inst.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
tetonbob is offline  
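Two of the checks made by eye in the reply above (more than one antivirus product present, and log entries whose target HijackThis marks as "(file missing)" or "(no file)") can be scripted for a first pass over a log. This is an added example, not part of the original thread and not part of HijackThis; the function names and the two-vendor marker table are assumptions built only from names that appear in this thread, and the sample lines are copied from the v1.99.1 log quoted earlier.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2", "O4", "O23"
    body: str      # text after "<section> - ", status suffix removed
    status: str    # "file missing", "no file", or "" if the target was found


# Lines copied from the HijackThis v1.99.1 log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39E18B0E-8E43-4ED5-0990-8E41B0D626E4} - C:\DOCUME~1\BENIMS~1\APPLIC~1\CLOCKR~1\Compsupport.exe (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\system32\wintcpmod.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
"""

# Entry lines look like "O23 - ..."; headers and the process list do not match.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
STATUS_RE = re.compile(r"\s*\((?P<status>file missing|no file)\)\s*$")

# Assumption: illustrative table limited to the two products in this thread.
AV_MARKERS = {"alwil software": "avast!", "grisoft": "AVG"}


def parse_log(text):
    """Return an Entry for every section line in a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, running-process path, or blank line
        body, status = match.group("body"), ""
        suffix = STATUS_RE.search(body)
        if suffix:
            status = suffix.group("status")
            body = body[:suffix.start()]
        entries.append(Entry(match.group("section"), body, status))
    return entries


def orphaned_entries(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in entries if e.status]


def service_fields(entry):
    """Split an O23 body into (display name, owner, image path)."""
    rest = entry.body.split("Service: ", 1)[1]
    display, owner, path = rest.rsplit(" - ", 2)
    return display, owner, path


def antivirus_products(entries):
    """Antivirus products seen in autostart (O4) and service (O23) lines."""
    found = set()
    for e in entries:
        if e.section not in ("O4", "O23"):
            continue
        text = e.body.lower()
        # Match on owner or path: some service lines read "Unknown owner".
        found.update(p for marker, p in AV_MARKERS.items() if marker in text)
    return found


def triage(text):
    """Summarise the two checks for a whole log."""
    entries = parse_log(text)
    products = sorted(antivirus_products(entries))
    return {
        "antivirus": products,
        "multiple_av": len(products) > 1,
        "orphaned": orphaned_entries(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Antivirus products:", ", ".join(report["antivirus"]))
    if report["multiple_av"]:
        print("More than one antivirus product is installed.")
    for e in report["orphaned"]:
        print(f"[{e.section}] target {e.status}: {e.body}")
```

An entry listed as orphaned only shows that the registry still references a file that is gone; whether it is a leftover from removed malware or from an uninstalled program still needs an analyst's judgement.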
Old 10-09-2008, 12:17 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Hi tetonbob, here are the logs:

VirusTotal:


Bestand inst.exe ontvangen op 2008.10.04 16:38:21 (CET)
Huidig status: Einde

Resultaat: 0/36 (0.00%)
Geformatteerd Resultaten afdrukken
Antivirus Versie Laatst geüpdatet Resultaat
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 -
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3494 2008.10.03 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.04 -
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.100 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.03 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -
Extra informatie
File size: 87608 bytes
MD5...: 254fbca565e049648b0cce2ceadf05d2
SHA1..: f5c6d09fcd7df2f8efd51c2bcf7ef0702686071c
SHA256: c74d2fa6374b5f1e251e3205de0efe99ed026b8b7a0ad5ee549ee3700f8e63d7
SHA512: 9f587078ac71165f4b862f59ffa9279c92d3c84c19080b9f71d3c3a54964a5e0
a8a55d160f7fee7d505ccb41afea9f8720a475de2de50219037a435ccbc55709
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402277
timedatestamp.....: 0x44a114a2 (Tue Jun 27 11:21:06 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc1d4 0xd000 6.39 8b23740868f02bb731a1556e3e89ec4b
.rdata 0xe000 0x25c2 0x3000 4.48 1c4aa9b67a1e4fb62d587545d74e9148
.data 0x11000 0x2e48 0x2000 1.28 e79d5ce42e7132af5b6039889e4670ab
.rsrc 0x14000 0xb0 0x1000 3.06 cec9b95146f57b35474dc9da6c445146

( 6 imports )
> newdev.dll: UpdateDriverForPlugAndPlayDevicesW
> SETUPAPI.dll: SetupDiRemoveDevice, SetupDiCallClassInstaller, SetupDiSetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDeviceInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW
> KERNEL32.dll: HeapSize, ReadFile, SetEndOfFile, WriteConsoleW, CreateFileA, FormatMessageW, GetLastError, CloseHandle, GetCurrentProcess, GetPrivateProfileStringW, MultiByteToWideChar, LocalFree, GetModuleFileNameA, GetConsoleOutputCP, WriteConsoleA, LoadLibraryA, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, RtlUnwind, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetProcAddress, GetModuleHandleA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, CreateFileW, InitializeCriticalSection, SetFilePointer, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
> ADVAPI32.dll: LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken
> SHELL32.dll: SHGetFolderPathW
> ole32.dll: CLSIDFromString

( 0 exports )
___________________________________

findlop:

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\All Users\Application Data

04-10-2008 20:14 <DIR> Adobe
09-10-2008 20:49 <DIR> Avg7
19-06-2008 20:29 <DIR> EmailNotifier
04-04-2008 22:37 <DIR> FLEXnet
06-02-2007 16:18 <DIR> Google
09-10-2008 20:47 <DIR> Grisoft
10-02-2007 16:57 <DIR> Messenger Plus!
06-10-2008 22:37 <DIR> Microsoft Help
17-05-2008 17:21 <DIR> NCH Software
17-05-2008 17:21 <DIR> NCH Swift Sound
04-10-2008 20:18 <DIR> NOS
03-04-2008 13:19 <DIR> open download bows body
22-08-2005 13:04 <DIR> QuickTime
27-04-2005 22:15 <DIR> Support.com
06-10-2008 00:45 <DIR> TEMP
02-04-2008 18:20 <DIR> two setup mode load
06-04-2006 16:45 <DIR> Windows Genuine Advantage
21-03-2008 20:40 <DIR> WLInstaller
27-12-2005 16:22 <DIR> Zylom
0 bestand(en) 0 bytes
19 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Benim\Application Data

08-10-2008 22:59 <DIR> Adobe
07-10-2008 20:15 <DIR> Ahead
07-10-2008 21:32 <DIR> Canneverbe_Limited
09-10-2008 20:03 <DIR> Help
17-09-2008 07:49 <DIR> Identities
08-10-2008 23:01 87.608 inst.exe
09-10-2008 17:37 <DIR> InterVideo
07-10-2008 22:33 <DIR> Macromedia
08-10-2008 23:01 7.887 pcouffin.cat
08-10-2008 23:01 1.144 pcouffin.inf
08-10-2008 23:01 33 pcouffin.log
08-10-2008 23:01 47.360 pcouffin.sys
08-10-2008 23:01 <DIR> Vso
06-10-2008 22:08 <DIR> WinRAR
5 bestand(en) 144.032 bytes
9 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\Default User\Application Data

27-04-2005 21:50 <DIR> .
27-04-2005 21:50 <DIR> ..
27-04-2005 21:50 62 desktop.ini
1 bestand(en) 62 bytes
2 map(pen) 2.153.799.680 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\LocalService\Application Data

Het volume in station C heeft geen naam.
Het volumenummer is F831-574B

Map van C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AEE4AD0E94FF22AA.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\benims~1\applic~1\creati~1\mapi that show.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'benimsanane'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/01/2008 8:00:00
NextRun: 10/09/2008 22:00:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/08/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

_________________________________

Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:09, on 9-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Benim\Bureaublad\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (file missing)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [UltraSMS] C:\Program Files\UltraSMS\UltraSMS.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PrjLithium] C:\Program Files\Project Lithium\prjLithium.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - C:\Program Files\Magic NetTrace\MTIE.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/si...rInstallNL.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)

--
End of file - 7773 bytes
________________________________________
IT_Starter is offline  
Old 10-09-2008, 12:46 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

P2P - I see you have P2P software ( eMule, Kazaa Lite ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------



Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    :Files
    C:\Documents and Settings\All Users\Application Data\open download bows body
    C:\Documents and Settings\All Users\Application Data\two setup mode load
    C:\Windows\Tasks\AEE4AD0E94FF22AA.job

    :commands
    [emptytemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 10-09-2008, 01:15 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Hi here are the results tetonbob and that other problem I'm really concerned about is: When I shut down my computer from start -> Shutdown -> shutdown it shuts down my computer but then 5 minutes after it starts up all by itself and I don't even press the on / off button.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\open download bows body moved successfully.
C:\Documents and Settings\All Users\Application Data\two setup mode load moved successfully.
C:\Windows\Tasks\AEE4AD0E94FF22AA.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Benim\LOCALS~1\Temp\~DF8F0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Benim\LOCALS~1\Temp\~DFA322.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\unp80945694.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_220103

Files moved on Reboot...
File C:\DOCUME~1\Benim\LOCALS~1\Temp\~DF8F0D.tmp not found!
C:\DOCUME~1\Benim\LOCALS~1\Temp\~DFA322.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\_avast4_\unp80945694.tmp not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat not found!
IT_Starter is offline  
Old 10-09-2008, 01:30 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

That issue is not likely malware related, and could have something to do with hardware or OS. Best to ask in one of those sections, once we're done.

Question:

Do you know what this is?

Best Hacking Tools -85in1

O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')
tetonbob is offline  
Old 10-09-2008, 01:57 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Hmmm... can't come up it right now...

I'll delete it

P.S tetonbob I'm going off to bed Tired so.., right now so maybe tomorrow you can help me out

+ I installed Spyware blaster and CFP
IT_Starter is offline  
Old 10-09-2008, 02:10 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,559
OS: 2000 Pro; XP Pro; XP Home


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

I don't know what CFP is...

It's best not to make system changes unless directed by me, while we're working together.

If you don't know what Best Hacking Tools -85in1 is, you can fix these with HijackThis:

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - S-1-5-20 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Netwerkservice')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'Default user')

Close HijackThis now.

---------------------------------------------------------------------------------------------

Last edited by tetonbob; 10-09-2008 at 02:11 PM.
tetonbob is offline  
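The entries singled out above are Startup-folder shortcuts for the SYSTEM, NetworkService and default-user accounts that point into a user profile folder. As an added example (not part of the original thread, and not how HijackThis or the helper works), this Python script applies that check, plus two further triage heuristics that are assumptions of this example, to lines copied from the log in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: TrayIt!.lnk = C:\Documents and Settings\NetworkService\Bureaublad\apbht\Best Hacking Tools -85in1- [MUST HAVE] (AIO)\Best Hacking Tools\data\Tray\TrayIt!.exe (User 'SYSTEM')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINDOWS\Slave.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# Assumption: treat the well-known service SIDs (S-1-5-18 SYSTEM, S-1-5-19
# LocalService, S-1-5-20 NetworkService) and .DEFAULT as non-interactive accounts.
SERVICE_SCOPE_RE = re.compile(r"^(?:HKUS\\)?(?:S-1-5-(?:18|19|20)|\.DEFAULT)\b")
# Windows XP profile root, writable by the profile's owner.
PROFILE_RE = re.compile(r"\\Documents and Settings\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", line))
        if section == "O4":
            # "<scope>: [name] command" (Run key) or "<scope>: x.lnk = path" (Startup folder)
            scope, _, rest = body.partition(": ")
            sep = " = " if scope.endswith("Startup") else "] "
            target = rest.split(sep, 1)[-1]
            if SERVICE_SCOPE_RE.match(scope) and PROFILE_RE.search(target):
                findings.append((section, "service-account autostart from a profile folder", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "service with unknown owner", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line[:70]}")
```

A finding here only marks an entry for manual review; whether to fix it remains the analyst's decision.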
Old 10-10-2008, 12:14 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Hi tetonbob,

at this moment I am at my work, system admin assistant at a school but I will write down your instructions so

But CFP means Comodo Firewall Pro

but I will check it with hijackthis
IT_Starter is offline  
Old 10-13-2008, 12:45 AM   #12 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 7
OS:


Re: Can't Delete Temp Folder in windows perflib_perfdata5f0.dat in use?

Hi tetonbob new problem occurred the computer has now network issues it can't get an IP so I will try to reply as much as I can

Greets,

IT_Starter
IT_Starter is offline  
 





All times are GMT -7. The time now is 07:20 PM.



Copyright 2001 - 2009, Tech Support Forum